Lenny Zeltser received some very good answers as to why there are fewer scams on LinkedIn than Facebook.

I think this is the best answer:

People’s LinkedIn interactions have a professional perspective. This frame of mind doesn’t generate the same social/emotional response as Facebook, which makes them more resistant to being tricked, suggested @adamshostack. In addition, @marypcbuk pointed out that people tend to pay more attention to their LinkedIn interactions, because they police their professional activities more carefully than personal ones.

Facebook interactions are much more free-flowing and emotional, while LinkedIn interactions, being professionally oriented, are more thoughtful. On LinkedIn people are more cautious because they are more concerned with their reputations.

However, an increasing number of organizations are seeing real benefits to the top line by engaging in the social web. Therefore, simply blocking its usage is no longer an option. The InfoSec team must respond to the business side by mitigating the security risks of using the modern social web.

Lenny Zeltser relates a general psychology paper on Information Avoidance ($30 if you want to read the paper) to why security recommendations are ignored.

Here are the three reasons outlined in the paper:

(a) the information may demand a change in beliefs,
(b) the information may demand undesired action, and
(c) the information itself or the decision to learn information may cause unpleasant emotions or diminish pleasant emotions.

On the third point, Lenny hits on one of the age-old concerns – the unpleasant emotion of “I bought the wrong security products.”

While this could be true in some situations, the more likely issue is that the security landscape has changed and obsoleted the purchased security product in question before it’s fully amortized.

We are seeing this today with respect to firewalls. The changes in the way browser-based applications communicate with servers and the related attack vectors have left traditional port-based firewall policies helpless to defend the organization.